Aggregator

A vulnerability was found in GNU binutils 2.31.1. It has been classified as critical. Affected is the function d_expression_1 of the file cp-demangle.c of the component GNU libiberty. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2018-20712. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in stb_image. It has been declared as critical. Affected by this vulnerability is the function stbi__load_gif_main. The manipulation leads to double free. This vulnerability is known as CVE-2023-45666. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in NICMx Fort up to 1.6.4. Affected is an unknown function of the component RPKI Data Handler. The manipulation leads to an unknown weakness. This vulnerability is traded as CVE-2024-56169. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Vim up to 9.1.1163. This affects an unknown part of the component Tar Handler. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2025-27423. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Mozilla Firefox up to 135. It has been rated as critical. This issue affects some unknown processing of the component Garbage Collection Handler. The manipulation leads to incorrect regular expression. The identification of this vulnerability is CVE-2025-1934. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Google Chrome on Windows. This issue affects some unknown processing of the component DevTools. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2025-1915. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Mozilla Firefox up to 135. Affected by this vulnerability is an unknown functionality of the component jar URL Handler. The manipulation leads to an unknown weakness. This vulnerability is known as CVE-2025-1936. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Google Chrome. It has been classified as critical. This affects an unknown part of the component Profiles. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-1916. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Recently, 57 countries signed an agreement pledging an "open" and "inclusive" approach to AI's development. The US and UK were not among them, with the US vice president implying productivity should be the priority over safety. Should the opportunity for AI to drive innovation and productivity be prioritized over safety and security?

WCNetJa Customer & Billing Data Allegedly Leaked on Dark Web

New York prosecutors say that two people working at a third-party contractor for the StubHub online ticket marketplace made $635,000 after almost 1,000 concert tickets and reselling them online. [...]

Alleged Data Breach of Customer Support Networks Up for Sale on Dark Web

Provisional Agreement Tied to Ransomware Attack Affecting 2.2 Million Customers
American pharmacy chain giant Rite Aid reached a $6.8 million agreement to settle a data breach class action lawsuit, which includes a pledge to improve its cybersecurity practices. The breach involved a ransomware group stealing data pertaining to 2.2 million customers.

Provisional Agreement Tied to Ransomware Attack Affecting 2.2 Million Customers
American pharmacy chain giant Rite Aid reached a $6.8 million agreement to settle a data breach class action lawsuit, which includes a pledge to improve its cybersecurity practices. The breach involved a ransomware group stealing data pertaining to 2.2 million customers.

Also: Bybit Hackers Launder Stolen Ether
This week, Trump announced a crypto strategic reserve; Bybit hackers laundered stolen Ether; Iris Ramaya Au, ex-girlfriend of crypto fraudster, pleaded guilty to a tax charge; CoinDCX will manage crypto seized by India's enforcement directorate.